In Second Cybersecurity Dialogue, Accountability and Capabilities Highlighted
“The United States is not afraid to call out countries and hold governments accountable,” U.S. Embassy Berlin’s Charge d’Affairs Kent Logsdon emphasized to the policymakers gathered in the Bavarian Representation in Berlin at AICGS’ second round of its Transatlantic Cybersecurity Dialogue with the Hanns Seidel Stiftung. “The United States will use the tools of diplomacy and statesmanship. This includes sanctions as a response to cyber incidents,” he said.
Hours earlier, while the working groups of 10 Americans and 10 Germans from the Transatlantic Cybersecurity Dialogue were meeting, Treasury secretary Steven Mnuchin had announced that the U.S. government would be imposing sanctions against the Russians—five entities and nineteen individuals—for election interference and the NotPetya attack. The FBI and the Department of Homeland Security had simultaneously warned that the Russians were continuing cyber activities aimed at the U.S. power grid, where they had gained access after planting malware, and then conducting spear phishing to gain remote access to energy networks, and critical information on how the Industrial Control Systems are run. Germany was likewise feeling vulnerable, shortly after the malware and espionage activities attributed to Russia’s “Snake” hacker group on its internal government “Informationsverbund Berlin-Bonn” (IVBB) network was made public.
The cyber espionage campaigns and cyberattacks conducted against both countries gave added relevance to the Cybersecurity Transatlantic Partnership and its accompanying dialogue, which was launched in January. The dialogue, which includes a standing core of 10 American and 10 German policymakers from the government, academia, the military, and tech sectors, aims to improve information-sharing between the two countries for the purpose of coordinating analysis of and solutions to cyber threats in both the area of cyber defense and digital propaganda.
In the working group’s public discussion that evening, discussion of theoretical cyber norms—definitions, and rules of the road to be used when attacked—stood in contrast to current capabilities of both countries to use offensive cyber weapons. The urgent need for both countries to protect their national security from cyberattacks from state actors and their conduits made the question of when to use cyber weapons no easier to answer.
“I am of the opinion, that the Bundeswehr, as in every other domain, should have defensive as well as offensive instruments available,” German Parliamentarian Reinhard Brandl, CSU, stated. “Of course, our focus is on the defense against cyberattacks and the protection of our infrastructure against attacks. But it must be said: The Bundeswehr must have offensive capabilities in the cybersphere.”
Mr. Logsdon agreed that defending our systems and networks was vital: “One of the best tools we have to understand and get to the attribution of cyberattacks is our ability to hack back …” he said. At the same time, he cautioned that the solution lies in a layered approach. Governments should be able to “discover, attribute, and disrupt” the actions of criminal, non-state, state, and rogue actors and hold them accountable.
American and German participants were unified that increased transatlantic cooperation and improved cyber capabilities in both countries will help improve deterrence and accountability of those bad actors.